tags:

views:

557

answers:

4
Q: 

How to check case sensitive password in sql server08

Hi All, In my application I am sending password to database,lets say my Password is PassworD123. Now this is giving me proper value ,but when i am using password123..its also giving me the proper value.So how to chaeck for case sensitive data in SQL server. Any demo code will help. Thanks.

+5  A: 

Why not use encryption to store the passwords in the database such as md5 because they will return different hashed versions for example

Md5 of password123 = 482c811da5d5b4bc6d497ffa98491e38

Md5 of PassworD123 = bbac8ba35cdef1b1e6c40f82ff8002ea

and when you compare them 2 they are clearly different.

I think you are using ASP therefore i dont know if it has an md5() function built in but php does have it. Another thing you should know is that if you are storing passwords in a database its better to store them using some sort of encryption that cannot be reversed

Shahmir Javaid  2009-05-22 04:43:06
Thanks.Good Point.
Wondering  2009-05-22 04:45:10
I strongly encourage you to read the link I posted in my response. "MD5" is no longer an acceptable answer.
TML  2009-05-22 04:46:45
^ I agree, therefore i only suggest the above for an example just to get a clear pic :D
Shahmir Javaid  2009-05-22 04:51:50
Sorry, that wasn't intended to come across as critical - merely a strong encouragment to Wondering to read up on the subject.
TML  2009-05-22 05:11:47
I read it and i must say its a must read before building a database that needs password storage :D
Shahmir Javaid  2009-05-22 10:43:00
+2  A: 

The immediate answer to your query is here: http://sqlserver2000.databases.aspfaq.com/how-can-i-make-my-sql-queries-case-sensitive.html

However I think your approach to storing / comparing passwords is a bit wrong. You should not be storing the password directly in the database. At-least MD5 it or something.

Alterlife  2009-05-22 04:43:45
+2  A: 

Well, the short answer is to use a case-sensitive collation - the longer answer is don't store plaintext passwords in your database!

TML  2009-05-22 04:43:52
A: 

You can use COLLATE clause in your T-SQL statement.

Ex.

SELECT * FROM dbo.TableName WHERE Password = @ password COLLATE SQL_Latin1_General_CP1_CS_AS
Gordian Yuan  2009-05-22 04:45:49
Lets' hope they use the "Latin1_General_BIN" collation in their actual solution and not a legacy SQL collation...
gbn  2009-05-22 05:02:33

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?